1. Internal Audit Effectiveness Quality Assessment
Speaker – CA Kartik Radia
Strictly Private and Confidential
December 2016
1
2. Section 1
What is Internal Audit Effectiveness and
Quality Assessment (IAEQA)- Its need and
importance
3. What is Internal Audit Effectiveness & Quality Assessment?
The Internal Audit Effectiveness & Quality Assessment (IAEQA) is a process for evaluating the
effectiveness, efficiency and quality of the internal audit function. Compliance with the Internal Audit
Standards issued by The Institute of Internal Auditors, USA is a key component to evaluate the quality
compliance of Internal Audit. Standard 1312 – External Assessment of International Standards for
Professional Practice of Internal Auditing and other standards would be referred to for assessing the
quality. Our framework uses balanced scorecard approach to evaluate the effectiveness and efficiency of
internal audit function. Our framework also evaluates the maturity level of the internal audit function and
its elements using IAEQA maturity model framework. The objectives of the effectiveness assessment are:
Assess the alignment of Internal Audit function to Business Objectives
Assess the Internal Audit Planning and scope coverage
Assess the Internal Audit Processes
Develop an Internal Audit Score card
Assess the alignment of Internal Audit Function to Governance initiatives
Assess the compliance of Internal Audit Processes with the standards for professional practice of
Internal Auditing (International Professional Practice Framework)
Key issues to be addressed:
1. How effective is my Internal Audit function?
2. What is Internal Audit effectiveness score?
3. What is the level of quality compliance with the Internal Audit Standards (including External Quality
Assessment)?
3
4. IAEQA – Need, importance and salient features
External Quality Assessment Need – Practice Advisory 1312 (1&2): International Standards for
Professional Practice of Internal Auditing:
“External Assessment should be conducted at least once every five years by a qualified independent
reviewer or review team from outside the organization. The potential need for frequent external
assessment as well as the qualifications and independence of the external reviewer or review team,
including any potential conflict of interest, should be discussed by the chief audit executive with the
Board. Such discussions should also consider the size, complexity and industry of the organization in
relation to the experience of the reviewer or review team.” Standard 1312 – External Assessment.
Independent External Quality Assessment allows the Internal Auditors to state that “The Internal
audit activities are conducted in accordance with the International Standards for Professional Practice
of Internal Auditing”.
Two approaches for doing QA:
1. External Assessments (Practice Advisory 1312-1)
2. Self Assessment with Independent validation (Practice Advisory 1312-2)
Other Salient features:
Benchmarks the IA activity against professional standards
Is conducted for the entire organization wide
Is conducted by a Qualified Independent Reviewer(s)
Is a part of larger Quality Assurance and Improvement Program (QAIP)
4
6. IAEQA – Methodology & Deliverables
Internal Audit Process and Tactical Area Assessments
People
Competence
and Skills
Assessment
IA
Structural
Assessment
Cross
Functional
Engagement
of IA
Compliance with IIA Standards (IPPF)
Internal Audit Process and Tactical Area Assessments
Board Oversight Assessment Tone at the Top
Foundational
3 Essential Pillars
IAEQA is the process for evaluating the effectiveness and quality of Internal Audit Department. IAEQA
is a holistic and scientific process involving review of 6 key components that are key for effectiveness of
Internal Audit Function. Specific action plan after evaluation of each of the key components are
provided to guide the improvement areas and initiatives.
6
7. IAEQA – Methodology & Deliverables
Broad objectives of the engagement are as under:
• Evaluate the overall effectiveness, efficiency and quality of the internal audit
function
• Assess the alignment of Internal audit function to Business Objectives
• Assess the adequacy of coverage of Internal Audit function
• Assess the outcomes of Internal Audit function
• Benchmark the Internal Audit Function with International Professional Practice
Framework (IPPF) for Internal Auditing
Approach
We will conduct an onsite study of Internal Audit Function by conducting interviews
(the Internal audit Management to the Junior most staff), examination, and onsite
observation of Internal Audit processes and activities, examining the documents. The
study involves a holistic evaluation of Internal Audit process, functional coverage, risk
context coverage, quality of Internal Audit findings and observations, skills applied
compliance with IIA Standards and in particular include the following:
• Internal audit planning and scope coverage
• Internal Audit process
7
8. IAEQA – Methodology & Deliverables
• Compliance with IPPF
• Documentation, workflow, sampling methodology and evidence retention
• Internal Audit reports and audit committee presentations
• Interviewing the Head of Internal Audit, Internal Audit Managers and Staff of
Company
Each of the 6 key components are evaluated by using quantitative approach for
evaluation to arrive at the Score Card. Scores are provided against each of the sub-
components after considering their relative importance. Individually all the 6 key
components are scored and action plans are arrived at against each of the component.
Overall IA effectiveness score is arrived at after summing up the scores for all the 6
components.
8
10. Internal Audit Effectiveness and Quality Assessment
components
10
1. Internal Audit Process and Tactical Area Assessments
2. Compliance with IIA Standards (IPPF)
3. People Competence and Skills Assessment
4. IA Structural Assessment
5. Cross Functional Engagement of IA
6. Board Oversight Assessment
12. IAEQA components - Internal Audit Process and Tactical
Area Assessments
People Competence and
Skills Assessment
What We Do How We Do
Review of the Internal Audit scope and checklist by
conducting walk through of the audit procedures and
re-performance of Internal Audit Procedures by
selecting tactical business areas
Conduct critical review of observations, analysis
and probing conducted by Internal Audit Team
12
13. Internal Audit Process and Tactical Area Assessments (IAPTA)
What we did Areas we covered How we did
1. Inadequate coverage of scope
2. Inadequate identification of
risks
3. Language clarity of checks in
the Audit checklist
4. Specific analytics / annexure
not stated as part of checks
1
Inadequate Internal Audit
Risk Context (Inadequate
checklist coverage) 2
Assessment of Internal Audit
Procedures (Verifiability,
Documentation and
sampling guidance)
3
Assessment of Internal Audit
observations
Design
1. Risk Control Matrix (RCMS)
1. Absence of adequate documentation of
working papers i.e. execution, team
audit briefings, minutes of meetings etc.
2. Absence of Sample testing guidance on
sample size and selection and sample
trail
3. Positive assurance on checks performed
and no findings are unverifiable
4. Nature of audit procedures not
enumerated i.e. analytics, interview etc.
5. Time utilization of resources not
maintained and monitored
1. Clarity and language issues in
observations
2. Inadequate analytics information
3. Root cause not clear and not stated at
many instances
4. Recommendations not specific and
sufficient to resolve the observation
5. Action plan and Implementation
timelines missing in reports
6. Follow-up audit not done periodically
IA Transformation
1. Redefine IA Charter
2. Redefine exhaustive Checklists
3. Guidance on Audit Procedures e.g..
Sampling Techniques
1. IA Ongoing Effectiveness Review
2. Trainings Programs for Internal
Auditors
Reviewed the Internal Audit scope
and checklist
Conducted critical review of
observations, analysis and probing
conducted by Internal Audit Team
Methodology
and
Approach
Findings
suggested
Action
Plan
Conducted walk through of the audit
procedures and re-performed Internal
Audit Procedures
Selected 4 tactical areas – Purchases,
Inventory, Plantations and Out growers
13
14. Key Outcome # 2 Assessment of Audit performed for key Audit
Areas
Score card of Audit performed for
Procurement
Evaluation Parameters Score Weights
A) IA Risk Context 9 30
Scope Coverage 5 15
Checklist 4 15
Internal Audit Procedures 5 30
Verifiability-Documentation-
Working Papers
2 15
Audit Techniques – e.g.
Sampling
2 8
Time Monitoring 1 7
Assessment of Audit
findings
9 40
Analytics 2 20
Completeness of report sections 2 5
Drafting , Clarity and Detailing 3 10
Follow-up 2 5
Total 23 100
Score card of Audit performed for Inventory
Evaluation Parameters Score Weights
A) IA Risk Context 12 30
Scope Coverage 5 15
Checklist 7 15
Internal Audit Procedures 7 30
Verifiability-Documentation-
Working Papers
3 15
Audit Techniques – e.g. Sampling 3 8
Time Monitoring 1 7
Assessment of Audit
findings
12 40
Analytics 4 20
Completeness of report sections 3 5
Drafting , Clarity and Detailing 3 10
Follow-up 2 5
Total 31 100
14
15. Key Outcome# 2 IAPTA Central Zone - Procurement Audit
15
16. Key Outcome# 2 IAPTA Central Zone - Procurement Audit
Internal Audit Procedures – Verifiability-Documentation-Working Papers, Sampling,
Time utilization
Sr.
No.
Current Inadequate Internal Audit Procedures. Recommendations
1
Inadequate working papers:
Absence of checklist point-wise adequate working papers for
positive assurance and for demonstrating completing the
items in checklist.
e.g.1 Supplier ledgers reconciled and no audit findings but
the same is not recorded in the working papers
e.g.2 PR and PO approval were checked and no audit
findings were there is this area but the same is not recorded
in the working papers
e.g.. 3 Audit Test check basis the compliance of P4, project
procurement policy etc.
Each and every check
mentioned in the Checklist
should be demonstrable and
verifiable (that it has been
performed).
Positive Assurance to be
given on the points where
there are no audit findings.
Trail for samples selected
should be retained as working
papers evidence.
Working paper file – hard
copy as well as electronic
copy should be retained for
future review.
16
17. Key Outcome# 2 IAPTA Central Zone - Procurement Audit
Inadequate / deficient audit findings
Internal Audit team has not been adequately drafted and concluded audit observations. Sufficient
analysis of the audit issues is not carried out. Sufficient probing is not carried out by Internal Audit
Team.
Illustration 1 – Audit checklist - To verify the list of rejected material and its accountability in
ERP and also finance ledgers.
Company Observation
We performed audit of items / materials from the
point delivery to inspection and verification of items
by the end users and identified items amounting to
Ugx.75,276,956/= were rejected for the period of
January to September 2014.
Company Recommendation
1. Penalties should be in force to items supplied
not as per the POs specifications.
2. Company can advertise in the news papers for
such rejected items to be disposed off.
3. Monthly reconciliations should be done in
relation to rejected items by materials
department and reports sent to Accounts, and
Audit can always verify the reconciliation of
rejected items on a quarterly basis.
Assessment of Internal Audit Observations
17
18. Key Outcome# 2 IAPTA Central Zone - Procurement Audit
1. Audit Team should have probed into the reasons for rejection in individual cases.
2. Reasons for this rejection should have been obtained and issue source should be identified i.e.
poor quality sent by vendor, incorrect materials ordered by procurement team, or damage in transit
etc.
3. Audit should have checked and commented whether refund of payment made to vendor is
received by Company, if the payment was made earlier. Or Debit note is raised on the Vendor.
4. Audit Team should have checked the Ageing of rejected items and commented on aged rejected
items still lying in factory
5. Audit Team should have reviewed and commented if there is any defined Turn-Around-Time
(TAT) for returning materials and for receiving the payment refund from the vendor and if not then,
Audit should have recommended for defining TAT.
6. Audit should have reviewed if rejection is for critical or insurance stores, whether the delay in
availability resulting from rejection causes any delay or break-down in production or has a
potential to cause any delay or break-down.
7. Audit Team should have recommended performance evaluation of vendors to be undertaken
on timely basis with key parameters being delayed delivery, rejections, poor quality etc.
Assessment of Internal Audit Observations
18
19. Key Outcome # 2 Assessment of Audit performed for key Audit
Areas
Score card of Audit performed for
OutGrower
Evaluation Parameters Score Weights
A) IA Risk Context 13 30
Scope Coverage 6 15
Checklist 7 15
Internal Audit Procedures 8 30
Verifiability-Documentation-
Working Papers
5 15
Audit Techniques – e.g. Sampling 2 8
Time monitoring 1 7
Assessment of Audit
findings
14 40
Analytics 7 20
Completeness of report sections 3 5
Drafting , Clarity and Detailing 2 10
Follow-up 2 5
Total 35 100
Score card of Audit performed for
Plantation
Evaluation Parameters Score Weights
A) IA Risk Context 21 30
Scope Coverage 11 15
Checklist 10 15
Internal Audit Procedures 20 30
Verifiability-Documentation-
Working Papers
11 15
Audit Techniques – e.g. Sampling 4 8
Time monitoring 5 7
Assessment of Audit
findings
21 40
Analytics 7 20
Completeness of report sections 4 5
Drafting , Clarity and Detailing 6 10
Follow-up 4 5
Total 62 100
19
20. k
Benchmarking with Profiler
QAR is designed to help the internal audit function as well as the management meet the defined expectations. The
review is designed to assist the Audit Committee and Senior Management in assessing the effectiveness of their
internal audit function by benchmarking their procedures and work practices against similar functions across the
industry, as well as against professional standards issued by the Institute of Internal Auditors (IIA), Florida.
Our QAR centers around 5 areas linked to the attributes of high performance
Our proprietary benchmarking tool - ProfilerTM
Benefits to You
Benchmarking of IA
function with its peers
Assurance over working
practices and compliance
to IIA standards
Understanding
stakeholders expectations
and assessing current
gap
Evaluation of efficiency
and effectiveness of IA
processes
Assessment of skills and
competencies of IA staff
Review of fitment of IA
function in organization
structure
20
22. IAEQA components –Compliance with IIA Standards
People Competence and
Skills Assessment
What We Do How We Do
Review of the IA function to analyze:
Whether the internal audit function complies with the
Internal Audit Standard issued by the Institute of
Internal Auditors (Standards for Professional Practice
of Internal Auditing – including Practice Advisory
1312 (1&2)?
Do the Internal Audit activities and practices confirm
compliance with definition of internal auditing, code
of ethics, use of successful practices and efficiency and
effectiveness of internal audit activity.
Review the activities carried out against the
attribute standards and performance standards and
Score card preparation.
22
23. Key Outcome # 2 – Compliance with IIA Standards (IPPF)
Attribute Standards (25%)
Components Score Weights
Managing the Internal Audit
Activity (effectively and efficiently)
8 25
Nature of work (Governance, Risk
Management & Controls)
2 10
Engagement Planning
(Engagement plan, scope, resource
allocation, work program)
3 10
Engagement Performance
(Information, Analytics,
documentation, Supervision –
Quality Review)
4 15
Communicating the results
(Reports and Presentations)
3 15
Total Performance Score 20 75
Performance Standards (75%)
Total score = 28/ 100
Components Score Weights
Purpose, Authority and
Responsibility
4 7
Independence and Objectivity 2 5
Proficiency and Due Professional
Care 2 9
Quality Assurance and
Improvement Program (QAIP)
0 4
Total Attributes Score 8 25
23
24. Key Outcome # 2 – Action Plan for IIA Standards (IPPF)
Compliance
1. Internal Audit Charter to be redesigned and should be approved by the Board – Internal Audit
Charter should define the following
A. Constitutional position of the Internal Audit Department with respect to the Organization –
Empowerment and Positioning of Internal Audit Department
B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department
C. Outcome of the Internal Audit Department to be used for Performance Appraisal of the HODs
and Functional Managers. Engagement with IA by way of support and co-operation as well
No. of High, Medium and Low Findings to be used for Performance Appraisal of HODs /
Functional Managers.
D. Board and Audit Committee Reporting by Internal Audit Department and review of progress
(by reviewing Progress Reports to be submitted by IA Department), performance and QAIP of
Internal Audit Department by the Board / Audit Committee
E. Internal Audit Methodology to be followed by Internal Audit Department
F. Value Addition Role to be played by Internal Audit Department for Internal Controls
Framework, Enterprise Risk Management, Governance Framework and Fraud Risk
Mitigation (Anti-fraud Controls)
24
25. Key Outcome # 2 – Action Plan for IIA Standards (IPPF)
Compliance
2. Enhance the quality of Internal Audit Report by improving:
A. Clarity of issue communication (language of the Audit Report) and clarity of Risk Context
B. Quality of analysis and sufficiency of details
25
26. Key Outcome # 2 – Action Plan for IIA Standards (IPPF)
Compliance
3. Internal Audit Transformation Project to be carried out covering:
A. Designing of Risk and Controls Matrix (through Systematic Risk assessment)
B. Scope enhancements (IT Audits, ERP Audit (including Business Application Audit), Succession
Planning Audit, Quality Department, Scrap Management, Marketing, Management
Information System, Preventive Maintenance (Equipment-wise), Contract Agreement
Management, Human Resource Function, Statutory Compliance with respect to Labour Law,
Plantation Laws, Efficiency of Logistics Operations, Cost of Production.
C. Sampling methodology guidance
D. Analytics – Key items of Data Analytics for Internal Audit
E. Verifiability: documentation trail and detailed working papers,
F. Quality review by Supervisors, Internal Audit Managers and Internal Audit Head
G. Mechanisms for Follow-up Audit (Implementation Effectiveness Review),
H. Quality Assurance and Improvement Plan (QAIP) for Internal Audit Department
I. Time monitoring mechanisms – assignment wise Time monitoring and utilization review
J. Training and Continuing Professional Education of Internal Audit staff – On-the-job: Risk
context, business understanding, probing skills, documentation and working papers, drafting
of audit reports , IFRS and Soft-skills (interviewing and communication).
26
28. IAEQA components - People Competence and Skills
Assessment (PCSA)
People Competence and
Skills Assessment
What We Do How We Do
We interview the IA Head about the role played by
him and evaluate the contribution made by him/her
Specific inquiries and observations are made about
the following:
1) Quality Review of Engagement and Reports
2) Value addition done by him/her - Changes
suggested
3) Management discussion and Engagement
process
4) Organizational positioning – Empowerment,
Positioning, Authority and Responsibility
5) Conflict resolution with process owners/
Escalation process
6) People development agenda
a. Interaction with the team and skip level
meetings
b. Formal mentoring
c. KRAs and (PIP) Personal Improvement
Plan of IA Team members
7) Usage of technology in IA (analytics)
We create parameters for evaluation of GM –
Internal Audit and evaluate him against each of
the parameters using a balanced scorecard
approach.
28
29. IAEQA components - People Competence and Skills
Assessment (Cont..)
People Competence and
Skills Assessment
What We Do How We Do
Interview the IA Managers about the role played by
them and evaluated the contribution made by them.
Specific inquiries and observations are made about
the following:
1) Knowledge of Risk Context
2) Auditing skills and experience
3) Nature of Audit procedures performed
4) Quality of work performed and documented
5) Quality Review of work done by juniors
6) Value addition done
7) People Management – guidance, motivation,
interactions and feedback
8) Engagement with Process Owners
We create the parameters for evaluation of IA
Managers and evaluate each of the IA Managers
against each of the parameters using a balanced
scorecard approach
29
30. Key Outcome # 3 – People Competencies and Skills Assessment
How we did?
We created parameters for evaluation of GM –
Internal Audit and evaluated him against each of the
parameters using a balanced scorecard approach.
Score card of GM Internal Audit
Evaluation Parameters Score Weights
A) Tactical Areas 19 80
IA transformation – Risk
Assessment / scoping &
signoff /calendar/RCMs/
checklist/ sample
guidance/documentation
8 30
People Development 5 10
Usage of technology 0 10
IA Outcomes (Report ) 2 10
Value Addition role 2 10
Building competencies - SME 2 10
B) Structure &
Governance
3 20
Focus on governance – Risk
Management, Fraud Risk
0 5
IA Charter - Empowerment,
Authority and Responsibility
3 10
QAIP 0 5
Total 22 100
What we did?
Interviewed the IA Head about the role played by him
and evaluated the contribution made by him. Specific
inquiries and observations were made about the following:
1) Quality Review of Engagement and Reports
2) Value addition done by him - Changes suggested
3) Management discussion and Engagement process
4) Organizational positioning – Empowerment,
Positioning, Authority and Responsibility
5) Conflict resolution with process owners/ Escalation
process
6) People development agenda
1) Interaction with the team and skip level
meetings
2) Formal mentoring
3) KRAs and (PIP) Personal Improvement Plan of
IA Team members
7) Usage of technology in IA (analytics)
30
31. Key Outcome # 3 – People Competencies and Skills Assessment
How we did?
We created the parameters for evaluation of IA
Managers and evaluated each of the IA Managers
against each of the parameters using a balanced
scorecard approach.
Score cards of Internal Audit Managers
Evaluation Parameters Weights Jackson Manas
Knowledge of Risk Context 20 8 12
Challenge the work done by
juniors / Audit procedures/
checklist review
20 4 12
Report quality review 20 8 12
Timeliness monitoring 10 2 6
People Management 10 6 6
Engagement with Process
owners
10 4 6
IIA Standards compliance 10 2 4
Total Scores 100 26 58
What we did?
Interviewed the IA Managers about the role played
by them and evaluated the contribution made by
them. Specific inquiries and observations were
done about the following:
1) Knowledge of Risk Context
2) Auditing skills and experience
3) Nature of Audit procedures performed
4) Quality of work performed and documented
5) Quality Review of work done by juniors
6) Value addition done
7) People Management – guidance, motivation,
interactions and feedback
8) Engagement with Process Owners
Note: Both managers have good potential and can
be groomed to become future leaders
31
32. Key Outcome # 3 – Action Plan for People Competencies and
Skills Assessment
4. Performance Management System for Internal Audit staff to be designed and approved by
the Board – Internal Audit Charter should define the following
A. KRAs (Key Result Areas) of IA Head, IA Managers and IA Staff should be defined
scientifically,
B. Operational KPIs (Key Performance Indicators) for IA Processes should be determined,
C. Performance Appraisal of the IA Head, IA Managers and IA Staff should be done regularly
based on achievement of specific KRAs and delivery of KPIs. Regular Appraisals (Quarterly,
as well as Annually) should be done for IA Head, IA Managers and IA Staff,
D. Assignment-wise Performance Review should be done for each scope assignment carried out
by IA Staff. Quarterly Appraisals would be an addition of Assignment-wise ratings,
E. Talent Recognition should be done for recognizing performance of IA Staff. Quarterly stars
should be recognized for each quarter,
F. Monetary Performance incentives – quarterly basis should be provided to Internal Audit Staff
and variable pay (performance linked) structure should be designed for IA Managers and
above
G. Formal Mentoring program for grooming the IA Managers and Staff
32
33. 5. Formal Training and Continuing Education Program to include following as per IA
Transformation – Action Plan #3 (Key Outcome # 2) for IIA Standards compliance:
A. On-the-job: Risk context, business understanding, probing skills, documentation and working
papers, drafting of audit reports, IFRS; and
B. Soft-skills (interviewing and communication).
6. Enhance internal interactions within IA Team: Establish and Internal Audit Circle for
formulating Department vision and plan and to discuss departmental issues:
A. Formal Monthly IA internal meeting to be chaired by IA Head to share the insights and issues
on audit and general knowledge sharing,
B. Skip-level meetings within IA Department (for e.g.. skip level between IA Head and Assistant
Managers),
C. Knowledge sharing on important and emerging topics
Key Outcome # 3 – Action Plan for People Competencies and
Skills Assessment
33
35. IAEQA components - Board Oversight Assessment
What We Do How We Do
We review the role played by the Board in
overseeing the Internal Audit Function by
reviewing:
1. Constitutional empowerment to Internal Audit
Function,
2. Board’s involvement in Internal Audit Plan
3. Board Reporting and review of Internal Audit
Reports, quarterly presentations and QAIP
4. Conflict resolution
5. Board’s involvement in Performance Appraisal
of Internal Audit Function
We create the parameters for evaluation of
Board oversight for Internal Audit Function and
evaluate each of the parameters of Board oversight
using a scorecard approach.
35
36. Key Outcome # 4 – Board Oversight Assessment
Evaluation Parameters Score Weights
Internal Audit Empowerment –
Positioning, Authority and Responsibility
10 20
Board Involvement in Internal Audit
Plan:
• Approval by Board of Internal Audit
Plan,
• Involvement by Board in Internal
Audit Scoping and Plan and
• Suggestion by the Board on Internal
Audit special projects
8 15
Board Reporting – review of Internal
Audit Reports, Quarterly Internal Audit
Presentations and QAIP
15 25
Conflict Resolution – Resolving conflicts
with the HODs / Process Owners
4 15
Performance Appraisal of IA Function by
the Board:
IA Progress,
IA Team KRAs – IA Head and IA
Managers KRAs,
Performance Appraisal of Internal
Audit Head / Department / Staff
0 25
Total 37 100
How we did?
We created the parameters for evaluation
of Board oversight for Internal Audit
Function and evaluated each of the
parameters of Board oversight using a
scorecard approach.
What we did?
We reviewed the role played by the Board
in overseeing the Internal Audit Function
by reviewing:
1) Constitutional empowerment to Internal
Audit Function,
2) Board’s involvement in Internal Audit
Plan
3) Board Reporting and review of Internal
Audit Reports, quarterly presentations
and QAIP
4) Conflict resolution
5) Board’s involvement in Performance
Appraisal of Internal Audit Function
36
37. Key Outcome # 4 – Action Plan for Board oversight assessment
1. As per Action Plan # 1, Internal Audit Charter to be redesigned and should be approved
by the Board – Internal Audit Charter should define the following
A. Constitutional position of the Internal Audit Department with respect to the Organization –
Empowerment and Positioning of Internal Audit Department
B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department. Board
should define the KRAs of Internal Audit Head and Managers.
C. Board to review on a quarterly basis, the Internal Audit Presentation s/ Internal Audit
Reports and Internal Audit Progress Reports as well as QAIP
D. Board to do Performance Appraisal of the Internal Audit Head and Review the Performance
Appraisal of the IA Managers as done by the IA Head
2. Board to review and resolve conflicts, if any, on a regular basis
3. Board to suggest inclusions to Internal Audit Plan and approve the Internal Audit
Plan, after discussion
37
39. IAEQA components - Internal Audit Structural Assessment
What We Do How We Do
We evaluate structural foundation for Internal
Audit Function considering the following: reviewed
the role played by the Board in overseeing
the Internal Audit Function by reviewing:
1. Empowerment to IA – positioning, authority
and responsibility
2. Investments in IA Function
3. Control Self Assessment methodology deployed
by Management
4. IA Involvement in Ex-Co meetings
5. Role of IA in Governance, ERM, Internal
Controls and Fraud prevention
We create the parameters for evaluation of IA
Structural Foundation and evaluated each of these
parameters using a balanced scorecard
approach
39
40. Key Outcome # 5 – IA Structural Assessment
Evaluation Parameters Score Weights
Empowerment , positioning, authority
and responsibility
8 40
IA Charter 4 15
Board Reporting 4 10
Performance appraisals of HODs
and Functional Managers to include
IA Engagement and Findings
0 15
Investment in Internal Audit Function
– People, Tools and External Expertise
Co-sourcing
10 20
Control Self Assessment as a
Management Responsibility 1st Line of
Defence*
0 15
Involvement of Internal Audit in
Business review meetings
0 10
IA role in Governance Framework,
Internal Controls Framework,
Enterprise Risk Management, Anti-
Fraud Controls
0 15
Total 18 100
*Internal Audit should be a 3rd Line of Defence (COSO
2013 – Internal Controls Framework)
How we did?
We created the parameters for evaluation
of IA Structural Foundation and evaluated
each of these parameters using a balanced
scorecard approach.
What we did?
We evaluated structural foundation for Internal
Audit Function considering the following:
reviewed the role played by the Board in
overseeing the Internal Audit Function by
reviewing:
1) Empowerment to IA – positioning,
authority and responsibility
2) Investments in IA Function
3) Control Self Assessment methodology
deployed by Management
4) IA Involvement in Ex-Co meetings
5) Role of IA in Governance, ERM, Internal
Controls and Fraud prevention
40
41. Key Outcome # 5 – Action Plan for IA Structural Enhancement
1. As per Action Plan # 1, Internal Audit Charter to include the following:
A. Constitutional position of the Internal Audit Department with respect to the Organization –
Empowerment and Positioning of Internal Audit Department
B. Role of Internal Audit Department – KRAs and KPIs of Internal Audit Department. Board
should define the KRAs of Internal Audit Head and Managers.
C. Board to review on a quarterly basis, the Internal Audit Presentation s/ Internal Audit
Reports and Internal Audit Progress Reports as well as QAIP
D. Board to do Performance Appraisal of the Internal Audit Head and Review the Performance
Appraisal of the IA Managers as done by the IA Head
E. Outcome of the Internal Audit Department to be used for Performance Appraisal of the HODs
and Functional Managers. Engagement with IA by way of support and co-operation as well
No. of High, Medium and Low Findings to be used for Performance Appraisal of HODs /
Functional Managers.
F. Value Addition Role to be played by Internal Audit Department for Internal Controls
Framework, Enterprise Risk Management, Governance Framework and Fraud Risk
Mitigation (Anti-fraud Controls)
41
42. Key Outcome # 5 – Action Plan for IA Structural Enhancement
2. Board and Management to institutionalize Controls Self Assessment (CSA) Framework
whereby Critical and Key Controls are defined for self assessment by HOD on a quarterly basis.
3. IA Head and Managers to be involved in Ex-Co (key management review) meetings in
order for them to comprehend key business issues that require Internal Audit attention as a result of
emerging and changing risk scenarios
4. Enhance the investments in Internal Audit Function (about 194000 USD):
1. Additional People to deployed for Internal Audit of Plantations and Outgrowing Function
2. Additional Transportation Tools for Internal Auditors of Plantations
3. Additional Computers for Internal Auditors of Plantations
4. External Co-sourced Expertise for ongoing effectiveness of Internal Audit Function.
42
43. Investments in Internal Audit function
Particulars Amount in USD
Additional Computers for Internal Auditors 7,000
Additional Transportation Tools for Internal
Auditors of Plantations
7,000
External Co-sourced Expertise for ongoing
effectiveness of Internal Audit Function
150,000
Total 1,64,000
Particulars Amount in USD
Additional People to deployed for Internal
Audit of Plantations and Outgrowing
Function
30,000
Total 30,000
Grand Total 194,000
43
45. Key Outcome # 6 – Cross Functional Engagement of IA
Evaluation Parameters Score Weights
IA Involvement in monthly
business review meetings
0 20
Participation of IA Head along
with respective IA Manager in
exit meetings
18 25
Involvement of Functional
HODs and Managers in IA
annual plan & scope
6 20
Role of Internal Audit in
Internal Controls Advocacy /
Governance Advocacy /Risk
Management Advocacy / Anti-
fraud Controls
0 25
Management request for
inclusion of special audit areas
in scope
4 10
Total 28 100
How we did?
We created the parameters for evaluation of
Cross Functional Engagement of Internal Audit
and evaluated each of these parameters using a
balanced scorecard approach.
What we did?
We evaluated structural the Cross Functional
Engagement of Internal Audit with other Functions
by considering the following:
1) Involvement of IA Head and IA Managers in
Ex-Co Management Meetings to enable the IA
to business contextualize their IA Program and
focus on business relevant issues
2) Participation of IA Head along with respective
IA Manager in the exit meetings
3) Involvement of HOD and Functional Managers
in IA Planning and Scope
4) Role of Internal Audit in Internal Controls
Advocacy / Risk Management Advocacy / Anti
Fraud Controls
45
46. Key Outcome # 6 – Action Plan for Cross Functional
Engagement of IA
1. As per Action Plan # 10, IA Head and Managers to be involved in Ex-Co (key management
review) meetings in order for them to comprehend key business issues that require Internal Audit
attention as a result of emerging and changing risk scenarios
2. IA should involve HODs and Functional Managers in Annual Internal Audit Planning
and Scoping exercise and consult them for audit of any special areas to be conducted, if any
3. IA Head should participate in all exit (closure) meetings along with the respective IA
Manager, in order to increase the level of cross functional engagement with other functions
4. IA should initiate the process of On-going IA Effectiveness Review as a part of QAIP of IA
Department
5. As per Action Plan # 1, Internal Audit should add value by playing a role of Internal
Controls Advocacy, Risk Management Advocacy, Governance Advocacy and Anti-
fraud controls specialist. IA should add value by assisting in implementing the above
Frameworks. IA Charter to include this role as per Action Plan # 1
46
47. IAEQA components - Cross Functional Engagement of IA
What We Do How We Do
We evaluate the structure of the Cross Functional
Engagement of Internal Audit with other Functions
by considering the following:
1. Involvement of IA Head and IA Managers in Ex-
Co Management Meetings to enable the IA to
business contextualize their IA Program and
focus on business relevant issues
2. Participation of IA Head along with respective
IA Manager in the exit meetings
3. Involvement of HOD and Functional Managers
in IA Planning and Scope
4. Role of Internal Audit in Internal Controls
Advocacy / Risk Management Advocacy / Anti
Fraud Controls
We create the parameters for evaluation of
Cross Functional Engagement of Internal Audit and
evaluated each of these parameters using a
balanced scorecard approach.
47
48. Key Outcome # 6 – Cross Functional Engagement of IA
Evaluation Parameters Score Weights
IA Involvement in monthly
business review meetings
0 20
Participation of IA Head along
with respective IA Manager in
exit meetings
18 25
Involvement of Functional
HODs and Managers in IA
annual plan & scope
6 20
Role of Internal Audit in
Internal Controls Advocacy /
Governance Advocacy /Risk
Management Advocacy / Anti-
fraud Controls
0 25
Management request for
inclusion of special audit areas
in scope
4 10
Total 28 100
How we did?
We created the parameters for evaluation of
Cross Functional Engagement of Internal Audit
and evaluated each of these parameters using a
balanced scorecard approach.
What we did?
We evaluated the structure of the Cross Functional
Engagement of Internal Audit with other Functions
by considering the following:
1) Involvement of IA Head and IA Managers in
Ex-Co Management Meetings to enable the IA
to business contextualize their IA Program and
focus on business relevant issues
2) Participation of IA Head along with respective
IA Manager in the exit meetings
3) Involvement of HOD and Functional Managers
in IA Planning and Scope
4) Role of Internal Audit in Internal Controls
Advocacy / Risk Management Advocacy / Anti
Fraud Controls
48
49. Key Outcome # 6 – Action Plan for Cross Functional
Engagement of IA
1. As per Action Plan # 10, IA Head and Managers to be involved in Ex-Co (key management
review) meetings in order for them to comprehend key business issues that require Internal Audit
attention as a result of emerging and changing risk scenarios
2. IA should involve HODs and Functional Managers in Annual Internal Audit Planning
and Scoping exercise and consult them for audit of any special areas to be conducted, if any
3. IA Head should participate in all exit (closure) meetings along with the respective IA
Manager, in order to increase the level of cross functional engagement with other functions
4. IA should initiate the process of On-going IA Effectiveness Review as a part of QAIP of IA
Department
5. As per Action Plan # 1, Internal Audit should add value by playing a role of Internal
Controls Advocacy, Risk Management Advocacy, Governance Advocacy and Anti-fraud
controls specialist. IA should add value by assisting in implementing the above Frameworks. IA
Charter to include this role as per Action Plan # 1
49